CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-8703 – ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8703
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE y dispositivos ZXV10 W300 en versiones anteriores aW300V1.0.0f_ER1_PE permiten a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y descubrir credenciales y claves, leyendo el archivo de configuración, una vulnerabilidad diferente a CVE-2015-7248. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 44%CPEs: 2EXPL: 4CVE-2014-4019 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. El enrutador ZTE ZXV10 W300 versiones de firmware W300V1.0.0a_ZRD_LK, almacena información confidencial en la web root con un control de acceso insuficiente, lo que permite a atacantes remotos leer archivos de respaldo por medio de una petición directa para rom-0. ZTE WXV10 W300 suffers from suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities. • https://www.exploit-db.com/exploits/33803 http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html http://www.exploit-db.com/exploits/33803 http://www.osvdb.org/102668 https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •